The vulnerability of the NetBSD operating system allows a hacker to bypass the protection against cross-site request forgery attacks.

The vulnerability of the mail.local service in the NetBSD operating system is related to incorrect definition of links before accessing the file. Exploiting this vulnerability allows a malicious actor to bypass security measures against cross-site request forgery by manipulating symbolic links...

CVE-2016-6253

mail.local in NetBSD versions 6.0 through 6.0.6, 6.1 through 6.1.5, and 7.0 allows local users to change ownership of or append data to arbitrary files on the target system via a symlink attack on the user mailbox...

vulnerability in mail.local

hi, mail.local is a little setuid root prog designed, like its name suggest, for local mail delivering. Used with the -l option, we have an interactive mode in lmtp protocol simplified smtp for local mail delivery only A weakness exists in the 'mail from' field that allow any local user to insert...

Дырка в mail.local (mail from: shell)

В некоторых системах mail.local наботает как sgid mail или suid root. Некорректная обработка LMTP-заголовка mail from: позволяет выполнение shell-кода...